From: Geoffrey T. D. <da...@us...> - 2001-11-07 20:30:50
Update of /cvsroot/phpwiki/phpwiki/lib In directory usw-pr-cvs1:/tmp/cvs-serv25419/lib Modified Files: Tag: release-1_2-branch db_filesystem.php dbalib.php dbmlib.php fullsearch.php mysql.php pgsql.php search.php msql.php mssql.php Log Message: Cleanups of quoting details in the searches. This fixes, among other thing, SF bug #456863. Depending on the backend searches for pages and/or page names containing '/', '\', '%', and/or '_' all failed in some way or another. The fixes to lib/dbmlib.php are untested, but parallel those in lib/dbalib.php, so should be okay. The fixes in lib/pgsql.php, lib/msql.php, and lib/mssql.php are also untested. They more or less parallel tested fixes in lib/mysql.php, but it would probably be good if someone could test them. Index: db_filesystem.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/Attic/db_filesystem.php,v retrieving revision 1.4.2.5 retrieving revision 1.4.2.6 diff -C2 -r1.4.2.5 -r1.4.2.6 *** db_filesystem.php 2001/11/06 20:43:45 1.4.2.5 --- db_filesystem.php 2001/11/07 20:30:47 1.4.2.6 *************** *** 146,150 **** // setup for title-search function InitTitleSearch($dbi, $search) { ! $pos['search'] = $search; $pos['data'] = GetAllWikiPageNames($dbi['wiki']); --- 146,150 ---- // setup for title-search function InitTitleSearch($dbi, $search) { ! $pos['search'] = '=' . preg_quote($search) . '=i'; $pos['data'] = GetAllWikiPageNames($dbi['wiki']); *************** *** 155,159 **** function TitleSearchNextMatch($dbi, &$pos) { while (list($key, $page) = each($pos['data'])) { ! if (eregi($pos['search'], $page)) { return $page; } --- 155,159 ---- function TitleSearchNextMatch($dbi, &$pos) { while (list($key, $page) = each($pos['data'])) { ! if (preg_match($pos['search'], $page)) { return $page; } *************** *** 172,179 **** while (list($key, $page) = each($pos['data'])) { $pagedata = RetrievePage($dbi, $page, $WikiPageStore); ! 
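Review bot: In `InitTitleSearch` the call `preg_quote($search)` is made without a delimiter argument, so the pattern is only well-formed because `=` happens to be in the set of characters preg_quote() escapes by default. Passing the delimiter makes that dependency explicit and keeps the line safe if the delimiter is ever changed: `$pos['search'] = '=' . preg_quote($search, '=') . '=i';`. The same line is added to `InitTitleSearch` in dbalib.php and dbmlib.php, and a one-line comment there saying that `$search` arrives unquoted from the caller would help. The function body continues past the end of the hunk.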
if (eregi($pos['search'], serialize($pagedata))) { return $pagedata; ! } ! } return 0; } --- 172,179 ---- while (list($key, $page) = each($pos['data'])) { $pagedata = RetrievePage($dbi, $page, $WikiPageStore); ! if (preg_match($pos['search'], serialize($pagedata))) { return $pagedata; ! } ! } return 0; } Index: dbalib.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/Attic/dbalib.php,v retrieving revision 1.2.2.3 retrieving revision 1.2.2.4 diff -C2 -r1.2.2.3 -r1.2.2.4 *** dbalib.php 2001/11/07 03:23:24 1.2.2.3 --- dbalib.php 2001/11/07 20:30:47 1.2.2.4 *************** *** 132,136 **** // setup for title-search function InitTitleSearch($dbi, $search) { ! $pos['search'] = $search; $pos['key'] = dba_firstkey($dbi['wiki']); --- 132,136 ---- // setup for title-search function InitTitleSearch($dbi, $search) { ! $pos['search'] = '=' . preg_quote($search) . '=i'; $pos['key'] = dba_firstkey($dbi['wiki']); *************** *** 144,148 **** $pos['key'] = dba_nextkey($dbi['wiki']); ! if (eregi($pos['search'], $page)) { return $page; } --- 144,148 ---- $pos['key'] = dba_nextkey($dbi['wiki']); ! if (preg_match($pos['search'], $page)) { return $page; } *************** *** 164,168 **** $pagedata = dba_fetch($key, $dbi['wiki']); // test the serialized data ! if (eregi($pos['search'], $pagedata)) { $page['pagename'] = $key; $pagedata = unserialize(UnPadSerializedData($pagedata)); --- 164,168 ---- $pagedata = dba_fetch($key, $dbi['wiki']); // test the serialized data ! 
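Review bot: The switch from `eregi` to `preg_match($pos['search'], ...)` in the full-search loop requires `$pos['search']` to be a delimited pattern, but the function that fills it for full searches is not in this diff; if it does not go through the updated `InitTitleSearch`, preg_match() will warn and return false for every page. It is worth confirming that, and adding a comment such as `// $pos['search'] is a delimited, preg_quote()d pattern built by InitTitleSearch()` above the call. Separately, the pattern is run against `serialize($pagedata)` (and against the raw stored record in the parallel hunks of dbalib.php and dbmlib.php), so a term can match serialization syntax or metadata fields rather than page text. The start of this function lies outside the hunk.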
if (preg_match($pos['search'], $pagedata)) { $page['pagename'] = $key; $pagedata = unserialize(UnPadSerializedData($pagedata)); Index: dbmlib.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/Attic/dbmlib.php,v retrieving revision 1.7.2.2 retrieving revision 1.7.2.3 diff -C2 -r1.7.2.2 -r1.7.2.3 *** dbmlib.php 2001/11/06 20:43:11 1.7.2.2 --- dbmlib.php 2001/11/07 20:30:47 1.7.2.3 *************** *** 166,170 **** // setup for title-search function InitTitleSearch($dbi, $search) { ! $pos['search'] = $search; $pos['key'] = dbmfirstkey($dbi['wiki']); --- 166,170 ---- // setup for title-search function InitTitleSearch($dbi, $search) { ! $pos['search'] = '=' . preg_quote($search) . '=i'; $pos['key'] = dbmfirstkey($dbi['wiki']); *************** *** 179,183 **** $pos['key'] = dbmnextkey($dbi['wiki'], $pos['key']); ! if (eregi($pos['search'], $page)) { return $page; } --- 179,183 ---- $pos['key'] = dbmnextkey($dbi['wiki'], $pos['key']); ! if (preg_match($pos['search'], $page)) { return $page; } *************** *** 201,205 **** $pagedata = dbmfetch($dbi['wiki'], $key); // test the serialized data ! if (eregi($pos['search'], $pagedata)) { $page['pagename'] = $key; $pagedata = unserialize(UnPadSerializedData($pagedata)); --- 201,205 ---- $pagedata = dbmfetch($dbi['wiki'], $key); // test the serialized data ! if (preg_match($pos['search'], $pagedata)) { $page['pagename'] = $key; $pagedata = unserialize(UnPadSerializedData($pagedata)); Index: fullsearch.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/Attic/fullsearch.php,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -C2 -r1.4 -r1.4.2.1 *** fullsearch.php 2000/12/30 21:09:13 1.4 --- fullsearch.php 2001/11/07 20:30:47 1.4.2.1 *************** *** 5,9 **** if(get_magic_quotes_gpc()) $full = stripslashes($full); ! $html = "<P><B>" . 
sprintf(gettext ("Searching for \"%s\" ....."), --- 5,10 ---- if(get_magic_quotes_gpc()) $full = stripslashes($full); ! $full = trim($full); ! $html = "<P><B>" . sprintf(gettext ("Searching for \"%s\" ....."), *************** *** 25,30 **** // print out all matching lines, highlighting the match for ($j = 0; $j < (count($pagehash["content"])); $j++) { ! if ($hits = preg_match_all("/$full/i", $pagehash["content"][$j], $dummy)) { ! $matched = preg_replace("/$full/i", "${FieldSeparator}OT\\0${FieldSeparator}CT", $pagehash["content"][$j]); --- 26,31 ---- // print out all matching lines, highlighting the match for ($j = 0; $j < (count($pagehash["content"])); $j++) { ! if ($hits = preg_match_all(":$full:i", $pagehash["content"][$j], $dummy)) { ! $matched = preg_replace(":$full:i", "${FieldSeparator}OT\\0${FieldSeparator}CT", $pagehash["content"][$j]); Index: mysql.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/Attic/mysql.php,v retrieving revision 1.10.2.3 retrieving revision 1.10.2.4 diff -C2 -r1.10.2.3 -r1.10.2.4 *** mysql.php 2001/11/07 18:54:07 1.10.2.3 --- mysql.php 2001/11/07 20:30:47 1.10.2.4 *************** *** 218,222 **** function MakeSQLSearchClause($search, $column) { ! $search = addslashes(preg_replace("/\s+/", " ", $search)); $term = strtok($search, ' '); $clause = ''; --- 218,225 ---- function MakeSQLSearchClause($search, $column) { ! $search = preg_replace("/\s+/", " ", trim($search)); ! $search = preg_replace('/(?=[%_\\\\])/', "\\", $search); ! $search = addslashes($search); ! 
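Review bot: `$full` is interpolated directly into `":$full:i"` in both the `preg_match_all` and the `preg_replace` call, so these patterns are only safe if `$full` was run through preg_quote() before this loop, which the hunk does not show. A user-supplied `:` that is not escaped would end the pattern early and let the rest of the term be read as modifiers. If the quoting is done with a bare `preg_quote($full)`, `:` is covered only because it is in the default escape set; `preg_quote($full, ':')` states the dependency. Also, with the `trim()` added in the hunk above, an empty term yields `::i`, which matches every line, so an early return for `$full === ''` may be wanted.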
$term = strtok($search, ' '); $clause = ''; *************** *** 232,235 **** --- 235,239 ---- $clause .= 'AND '; } + return $clause; } Index: pgsql.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/Attic/pgsql.php,v retrieving revision 1.4.2.4 retrieving revision 1.4.2.5 diff -C2 -r1.4.2.4 -r1.4.2.5 *** pgsql.php 2001/11/07 18:58:14 1.4.2.4 --- pgsql.php 2001/11/07 20:30:47 1.4.2.5 *************** *** 236,239 **** --- 236,240 ---- $search = strtolower($search); + $search = preg_replace('/(?=[%_\\\\])/', "\\", $search); $search = addslashes($search); $query = "select pagename from $dbi[table] where lower(pagename) " . *************** *** 263,267 **** $search_counter = 0; $search = strtolower($search); ! $search = addslashes($search); $search = addslashes($search); $query = "select pagename,content from $dbi[table] " . --- 264,268 ---- $search_counter = 0; $search = strtolower($search); ! $search = preg_replace('/(?=[%_\\\\])/', "\\", $search); $search = addslashes($search); $query = "select pagename,content from $dbi[table] " . Index: search.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/Attic/search.php,v retrieving revision 1.3 retrieving revision 1.3.2.1 diff -C2 -r1.3 -r1.3.2.1 *** search.php 2001/01/02 00:10:28 1.3 --- search.php 2001/11/07 20:30:47 1.3.2.1 *************** *** 11,16 **** . "</B></P>\n"; ! // quote regexp chars ! $search = preg_quote($search); // search matching pages --- 11,16 ---- . "</B></P>\n"; ! // quote regexp chars (backends should do this...) ! 
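Review bot: `addslashes($search)` is used as the SQL string escaper in `MakeSQLSearchClause` of mysql.php, but it is byte-oriented and unaware of the connection character set, so it is not a reliable quoting function for MySQL literals. The LIKE-wildcard step before it is correctly ordered and should stay; only the last step should move to the database driver's own escaping function, or the clause should be bound as a parameter. A comment such as `// escape LIKE wildcards first, then quote for the SQL string literal` would document why the order matters. The rest of the function, where `$term` is placed into the clause, is outside the hunk.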
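Review bot: Both pgsql.php hunks still end with `$search = addslashes($search);`, which escapes a quote as `\'`; PostgreSQL treats that as an escaped quote only when backslash escapes are enabled in ordinary string literals (`standard_conforming_strings` off), otherwise the quote closes the literal. `$search = pg_escape_string($search);` after the wildcard-escaping line avoids depending on that server setting. The commit message marks these changes as untested, so the `like` queries built below the hunks deserve a test with `'`, `\`, `%` and `_` in the term.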
//$search = preg_quote($search); // search matching pages Index: msql.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/Attic/msql.php,v retrieving revision 1.6.2.3 retrieving revision 1.6.2.4 diff -C2 -r1.6.2.3 -r1.6.2.4 *** msql.php 2001/11/07 18:58:14 1.6.2.3 --- msql.php 2001/11/07 20:30:47 1.6.2.4 *************** *** 345,348 **** --- 345,349 ---- // setup for title-search function InitTitleSearch($dbi, $search) { + $search = preg_replace('/(?=[%_\\\\])/', "\\", $search); $search = addslashes($search); $query = "select pagename from $dbi[table] " . *************** *** 369,372 **** --- 370,374 ---- // select unique page names from wikipages, and then // retrieve all pages that come back. + $search = preg_replace('/(?=[%_\\\\])/', "\\", $search); $search = addslashes($search); $query = "select distinct pagename from $dbi[page_table] " . Index: mssql.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/Attic/mssql.php,v retrieving revision 1.1.2.4 retrieving revision 1.1.2.5 diff -C2 -r1.1.2.4 -r1.1.2.5 *** mssql.php 2001/11/07 18:58:14 1.1.2.4 --- mssql.php 2001/11/07 20:30:47 1.1.2.5 *************** *** 248,252 **** function MakeSQLSearchClause($search, $column) { ! $search = addslashes(preg_replace("/\s+/", " ", $search)); $term = strtok($search, ' '); $clause = ''; --- 248,255 ---- function MakeSQLSearchClause($search, $column) { ! $search = preg_replace("/\s+/", " ", trim($search)); ! $search = preg_replace('/(?=[%_\\\\])/', "\\", $search); ! $search = addslashes($search); ! $term = strtok($search, ' '); $clause = ''; |
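Review bot: Commenting out `$search = preg_quote($search);` in search.php leaves dead code behind and moves the quoting duty to every backend without stating it precisely. I would delete the commented line and replace the comment with the contract, for example `// $search is passed on unquoted; each backend's InitTitleSearch() must quote it for its own matcher (regex or SQL LIKE)`. Any backend not touched by this commit would now receive the raw term, so that is worth checking against the full list of backends.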
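Review bot: In `MakeSQLSearchClause` of mssql.php, `addslashes($search)` escapes a quote as `\'`, but SQL Server escapes a quote inside a literal by doubling it, so unless `magic_quotes_sybase` is on a quote in the term still ends the string. The last step should be `$search = str_replace("'", "''", $search);`. The added backslash before `%`, `_` and `\` also has no effect in a T-SQL `LIKE` unless the clause built further down (outside this hunk) carries `ESCAPE '\'`, and `[` is a wildcard character there too, so it would need to be in the character class. The commit message notes this file is untested.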